Drupalgeddon 2 and Drupalgeddon 3, extremely dangerous vulnerabilities
At the end of March 2018, many web developers received a notification informing them of critical vulnerabilities found in Drupal. These vulnerabilities allow attackers to completely take over a website in minutes.
All sites on Drupal up to 7.58 were attacked first, and then sites on versions up to 7.59 . As for version 8, Drupal versions before 8.5.3 and 8.4.8 turned out to be unsafe. How was this vulnerability fixed in the new versions? Quite simply, a sanitizer function has been added that removes all potentially dangerous code.
Drupalgeddon 3 appeared almost immediately after Drupalgeddon 2. This is due to the fact that the vulnerability in the system was not immediately fixed. Therefore, some people share vulnerabilities in this way. What does Geddon mean? This word translates as a hive, and indeed the whole essence of the vulnerability lies in the fact that you can send data via ajax, which contains dangerous code. This code is not verified in any way and can be immediately executed. This kind of injection into the system.
It is quite easy to notice that your site on Drupal has been hacked . For example, new files and folders have appeared in the directories on the hosting of your sites, and the event log contains notifications with errors, which include addresses like:? Q = user / password & name [% 23post_render]  = "+ phpfunction +" & name [% 23type] = markup & name [% 23markup] = "+ =" form_id = user_pass & _triggering_element_name = name.
The vast majority of site owners on Drupal were instantly updated to new versions, but now you can still find sites that are still on older versions of this CMS. This means that they can be hacked at any time. Updating Drupal is not such a difficult task, you just need to do a few Sequential Steps . As a last resort, you can independently install a patch for old versions, or if you do not know how to install a patch for Drupal - then you can manually add the missing code from the new versions to the existing files of your Drupal site.
It so happened that the vulnerability was not completely eliminated immediately, so we had to release new versions twice, first Drupal 7.58 - in which, as it turned out later, the vulnerability was partially fixed, then Drupal 7.59 - in which the vulnerability was completely eliminated. Also for version 8 of this CMS. Therefore, if you have updated to intermediate versions, you will have to update again, otherwise the hacks will be repeated. Drupal exploits for Drupalgeddon 2 and Drupalgeddon 3 can be found online that anyone can use.
Thus, vulnerabilities are extremely dangerous, if your site has not yet been updated - do it as soon as possible.
- 09.11.23IT / Database Errors when migrating from MySQL 5.6 to 5.7 and how to fix them - database dump import failed with an error or INSERT does not work. Disabling STRICT_TRANS_TABLES strict mode or using IGNORE
- 09.07.22IT / Misc Convert office files DOC, DOCX, DOCM, RTF to DOCX, DOCM, DOC, RTF, PDF, HTML, XML, TXT formats without loss and markup changes
- 07.07.22IT / Safety How to protect PHP, JS, HTML, CSS source code - obfuscation, minification, compression and encryption
- 06.07.22IT / Safety Connection not secure, problem with Lets Encrypt - how to fix expired 09/30/2021 DST Root CA X3, remove it manually and install ISRG Root X1. Example on MS Windows 7
- 08.07.21IT / Misc How to make a free translation for a website without an API, translate documents in Google Translate